Commit Graph

284 Commits

Author SHA1 Message Date
linse
2d78d47591 Support firewall rules with hostnames.
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
Co-Authored-By: Olle Jonsson <olle.jonsson@gmail.com>
Co-Authored-By: hannes <hannes@mehnert.org>
Co-Authored-By: cfcs <cfcs@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
linse
87df5bdcc0 Read firewall rules from QubesDB. The module Rules contains a rule matcher instead of hardcoded rules now.
Co-Authored-By: Mindy Preston <yomimono@users.noreply.github.com>
2020-05-15 16:25:46 +02:00
Thomas Leonard
02e515d27c
Merge pull request #95 from hannesm/mirage-nat.2.1.0
mirage-nat.2.1.0
2020-02-19 14:27:41 +00:00
Thomas Leonard
65324b4197 Update Dockerfile to get new mirage-nat version 2020-02-19 14:16:49 +00:00
Hannes Mehnert
88fec9fa49 adapt to mirage-nat 2.1.0 API (Nat_packet returns a Fragments.Cache.t - which is now a Lru.F.t) 2020-02-08 15:58:37 +01:00
Hannes Mehnert
554e73a46d cleanup: remove exception cases during Ethernet decode / Nat.of_ipv4_packet - they do not raise exceptions anymore 2020-02-08 15:55:32 +01:00
Thomas Leonard
0ced0ee901
Merge pull request #91 from xaki23/mirage-3.7-qb
support mirage-3.7 via qubes-builder
2020-01-14 14:50:22 +00:00
Thomas Leonard
16581b1e2e
Merge pull request #90 from talex5/cleanup
Minor cleanups
2020-01-14 12:54:48 +00:00
xaki23
e68962ac48
support mirage-3.7 via qubes-builder 2020-01-13 20:48:46 +01:00
Thomas Leonard
8e714c7712 Removed unreachable Lwt.catch
Spotted by Hannes Mehnert.
2020-01-13 10:05:38 +00:00
Thomas Leonard
ab3508a936 Remove unused Clock argument to Uplink 2020-01-13 09:54:09 +00:00
Thomas Leonard
48b38fa992 Fix Lwt.4.5.0 in the Dockerfile for faster builds
Otherwise, it installs Lwt 5 and then has to downgrade it in the next
step.
2020-01-13 09:49:37 +00:00
Thomas Leonard
e851565823
Merge pull request #89 from roburio/mirage-3.7
support Mirage 3.7 and mirage-nat 2.0.0
2020-01-13 09:45:04 +00:00
Hannes Mehnert
a734bcd2d3 [ci skip] adjust expected sha256 2020-01-11 16:01:08 +01:00
Hannes Mehnert
730957d19b upgrade opam repository to current head and mirage to 3.7.4 2020-01-11 15:46:22 +01:00
Hannes Mehnert
28bda78d20 fix deprecation warnings (Mirage_clock_lwt -> Mirage_clock) 2020-01-11 15:46:02 +01:00
Hannes Mehnert
3fc418e80c qualify all return with Lwt, use Lwt.return_unit where possible 2020-01-11 15:44:30 +01:00
Hannes Mehnert
0f476c4d7b mirage-nat 2.0.0 and mirage-qubes 0.8.0 compatibility 2020-01-11 15:36:02 +01:00
Hannes Mehnert
c66ee54a9f revert bc7706cc97, mirage-xen since 5.0.0 reverted the split of OS into Os_xen 2020-01-11 14:34:25 +01:00
Thomas Leonard
e8f62b8532
Merge pull request #88 from xaki23/pin-mirage-3.5.2
pin mirage to 3.5.2 for qubes-builder builds
2019-12-28 19:50:47 +00:00
xaki23
43656be181
pin mirage to 3.5.2 for qubes-builder builds 2019-12-27 23:19:35 +01:00
Thomas Leonard
dab790cb68
Merge pull request #83 from marmot1791/marmot1791-patch-readme
Note that AppVM Size may need to increase
2019-12-14 12:05:46 +00:00
Snowy Marmot
dad1f6a723
Update per review
Update with suggested wording per talex5
2019-12-14 00:24:55 +00:00
Snowy Marmot
315fe4681e
Note that AppVM Size may need to increase
Add note that AppVM used to build from source may need a private image larger than the default 2048MB.
2019-11-27 16:01:58 +00:00
Thomas Leonard
706be3d823
Merge pull request #81 from talex5/upstream-updates
Fix build
2019-11-18 09:46:14 +00:00
Thomas Leonard
930d209cdb Fix build
- A new ocaml-migrate-parsetree.1.4.0 was released, replacing the old
  1.4.0 with new code. This was rejected by the checksum test.
  Fixed by updating to the latest opam-repository.
  See: https://github.com/ocaml/opam-repository/pull/15294

- The latest opam-repository pulls in mirage 3.7, which doesn't work
  (`No available version of mirage-clock satisfies the constraints`), so
  pin the previous mirage 3.5.2 version instead.

- Mirage now generates `.merlin`, so remove it from Git.
2019-11-17 14:33:56 +00:00
Thomas Leonard
32e4b8a31a
Merge pull request #80 from talex5/upstream-updates
Upstream updates
2019-08-25 19:09:54 +01:00
Thomas Leonard
49195ed5e1 Update Docker build for new mirage-xen
Also, switched to the experimental new OCurrent images, as they are much
smaller:

- Before: 1 GB (ocaml/opam2:debian-10-ocaml-4.08)
- Now:  309 MB (ocurrent/opam:alpine-3.10-ocaml-4.08)
2019-08-25 19:01:22 +01:00
xaki23
bc7706cc97
rename things for newer mirage-xen versions 2019-08-25 18:12:59 +02:00
xaki23
3fefba21a7
bump OCAML_VERSION to 4.08.1 2019-08-25 18:12:17 +02:00
Thomas Leonard
b8a310dfa6
Merge pull request #75 from talex5/upstream-updates
Update to latest ipaddr
2019-07-28 17:48:09 +01:00
xaki23
cac3e53be1 README: create the symlink-redirected docker dir
Otherwise, installing the docker package removes the dangling symlink.
2019-07-28 17:35:59 +01:00
Thomas Leonard
ce29c09f0f Show final sha256 checksum in Travis output 2019-07-28 17:08:10 +01:00
Thomas Leonard
8b411db751 Removed some hard-coded installs from Dockerfile
There's no advantage to installing these manually, and with the current
version of mirage they had to be downgraded again in the next step.
2019-07-28 16:49:16 +01:00
xaki23
16231e2e52 Adjust to ipaddr-4.0.0 renaming _bytes to _octets 2019-07-28 16:49:04 +01:00
xaki23
cb6d03d83d Use OCaml 4.08.0 for qubes-builder builds (was 4.07.1) 2019-07-28 16:43:04 +01:00
Thomas Leonard
aeaab0f078
Merge pull request #72 from talex5/unpin-netchannel
Remove netchannel pin
2019-06-22 15:34:30 +01:00
Thomas Leonard
f9856a3605 Remove netchannel pin
Version 1.11.0 has been released now, and the current trunk doesn't
build without updating other things. The error was:

    File "lib/xenstore.ml", line 165, characters 19-34:
    Error: The module OS is an alias for module Os_xen, which is missing
        ocamlopt lib/.netchannel.objs/native/netchannel__Backend.{cmx,o} (exit 2)
    (cd _build/default && /home/opam/.opam/4.07/bin/ocamlopt.opt -w -40 -g -I lib/.netchannel.objs/byte -I lib/.netchannel.objs/native -I /home/opam/.opam/4.07/lib/base/caml -I /home/opam/.opam/4.07/lib/bigarray-compat -I /home/opam/.opam/4.07/lib/bytes -I /home/opam/.opam/4.07/lib/cstruct -I /home/opam/.opam/4.07/lib/fmt -I /home/opam/.opam/4.07/lib/io-page -I /home/opam/.opam/4.07/lib/io-page-x[...]
    File "lib/backend.ml", line 23, characters 16-29:
    Error: The module OS is an alias for module Os_xen, which is missing

Reported by ronpunz in https://groups.google.com/forum/#!topic/qubes-users/PsYUXvypPDs
2019-06-22 14:57:04 +01:00
Thomas Leonard
e7eb4412ed
Merge pull request #71 from talex5/remove-cmdliner-pin
Remove cmdliner pin as 1.0.4 is now released
2019-06-22 14:40:44 +01:00
Thomas Leonard
d36ecf96af Remove cmdliner pin as 1.0.4 is now released
Reverts 06511e076f
2019-06-15 12:57:37 +01:00
Thomas Leonard
448ba654fb
Merge pull request #69 from jaseg/patch-1
Fix ln(1) call in build instructions
2019-05-31 09:06:09 +01:00
jaseg
0a4b01a841
Fix ln(1) call in build instructions
The arguments were backwards. [```ln``` takes the link target first, then the link name](https://linux.die.net/man/1/ln).
2019-05-31 12:50:33 +09:00
yomimono
7d22eafa59
Merge pull request #68 from talex5/updatevm
Note that mirage-firewall cannot be used as UpdateVM
2019-05-29 17:55:25 -05:00
yomimono
0c571a0601
Merge pull request #67 from talex5/fix-typo
Fix typos in docs
2019-05-29 17:54:51 -05:00
Thomas Leonard
3ab7284a64 Note that mirage-firewall cannot be used as UpdateVM
Reported at: https://groups.google.com/forum/#!topic/qubes-users/YPFtbwyoUjc
2019-05-29 15:25:10 +01:00
Thomas Leonard
de7d05ebfa Fix typos in docs 2019-05-29 09:01:08 +01:00
yomimono
adb451e7e3
Merge pull request #66 from talex5/add-changelog
Add CHANGELOG
2019-05-28 15:25:48 -05:00
Thomas Leonard
ee97d67c84 Add CHANGELOG
Older entries are imported from the release notes. The 0.6 ones are from
the Git commits.
2019-05-28 21:09:52 +01:00
yomimono
c55819ffdf
Merge pull request #64 from talex5/combine-ips
Combine Client_gateway and Firewall_uplink
2019-05-16 18:03:59 -04:00
Thomas Leonard
672c82c43c Combine Client_gateway and Firewall_uplink
Before, we used Client_gateway for the IP address of the firewall on the
client network and Firewall_uplink for its address on the uplink
network. However, Qubes 4 uses the same IP address for both, so we can't
separate these any longer, and there doesn't seem to be any advantage to
keeping them separate anyway.
2019-05-16 19:30:51 +01:00